Description

Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules.

PUBLISHED Reserved 2026-01-27 | Published 2026-01-27 | Updated 2026-01-29 | Assigner VulnCheck




MEDIUM: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
MEDIUM: 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

0.10.16 | affected

Credits

Vulnerability-Lab finder

References

www.exploit-db.com/exploits/49063 (ExploitDB-49063) exploit

froxlor.org/ (Official Froxlor Homepage) product

froxlor.org/download/ (Froxlor Download Page) product

www.vulnerability-lab.com/get_content.php?id=2241 (Vulnerability Lab Advisory) vendor-advisory

www.vulnerability-lab.com/show.php?user=Vulnerability-Lab (Vulnerability Lab Profile) vendor-advisory

www.vulnerability-lab.com/show.php?user=Benjamin%20K.M. (Researcher Profile) vendor-advisory

www.vulncheck.com/...t-panel-persistent-cross-site-scripting (VulnCheck Advisory: Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting) third-party-advisory

cve.org (CVE-2020-36978)

nvd.nist.gov (CVE-2020-36978)
